Mysql error when trying to update database in PHP, and redirected to null location

Question

I am trying to update Mysql database and I am receiving this error in modify.php "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1" Also when the modify button is pressed to submit the modifications made by the user I am redirected to a page that does not exist "http://club-hop.com/modify.php%20method=?inputName=as&inputLine=sdsd&id=3&submit=Modify" The page in question can be viewed at www.club-hop.com

here is the code: modify.php

<?php
//edit_data.php
include "db.inc.php";
if(!isset($_POST['submit'])){
$q= "SELECT * FROM people WHERE ID= $_GET[id]";
$result= mysql_query($q);
$person= mysql_fetch_array($result);
}
?>
<h1> You Are Modifying Your Information </h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?> method="post">
clubName<input type="text" name="inputName" value="<?php echo $person['clubName']; ?>" /><br />
clubLine<input type="text" name="inputLine" value="<?php echo $person['clubLine']; ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify" />

</form>
<?php 

if(!isset($_POST['submit'])){

   $u= "UPDATE app SET `clubName`='$_POST[inputName]', `clubLine`='$_POST[inputLine]' WHERE ID=     $_POST[id]";
   mysql_query($u) or die(mysql_error()); 

   echo "User has been modified";
   header("Location: index.php");
}
?>

index.php

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<table>
<tr>
<td align="center">EDIT DATA</td>
</tr>
<tr>
<td>
  <table border="1">
  <?
  include"db.inc.php";//database connection
  $order = "SELECT * FROM app";
  $result = mysql_query($order);
  while ($row=mysql_fetch_array($result)){
    echo ("<tr><td>$row[clubName]</td>");
    echo ("<td>$row[clubLine]</td>");
    echo ("<td><a href=\"modify.php?id=$row[id]\">Edit</a></td></tr>");
  }
  ?>
  </table>
</td>
</tr>
</table>
</body>
</html>

Thank you in advance for any incite into the problem :)

Answer 1

Change if(!isset($_POST['submit'])){ into if(isset($_POST['submit'])){ (remove the '!')

Close the quotes at the end of the action attribute of your form tag.

Your parameters should also be wrapped or isolated from the string in order to work eg. SET field='" . $_POST['something'] . "', ...

Also, don't inject your parameters directly into your query, that's a vulnerability issue to SQL Injections. More info here : How can I prevent SQL injection in PHP?

On a side note, mysql_* functions are deprecated, try not to use them.

Answer 2

try that:

 if(isset($_POST['submit'])){
 $inputname = mysql_real_escape_string($_POST['inputName']);
 $inputLine = mysql_real_escape_string($_POST['inputLine']);
 $id= mysql_real_escape_string($_POST['id']);
 $u= "UPDATE app SET `clubName`='".$inputname."', `clubLine`='".$inputLine."' WHERE ID=     '".$id."' ";
 mysql_query($u) or die(mysql_error()); 

you should escape your variables.

Answer 3

You just forgot to close double quotes of form action.

Replace :-

    <form action="<?php echo $_SERVER['PHP_SELF']; ?> method="post">

With :-

     <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

Answer 4

Try this:

$q= "SELECT * FROM people WHERE ID= '".$_GET[id]."'";

Problem may occur due to mysql version.

Answer 5

you have a logic error in the use of isset(); , try using if...else to help in debugging