can't edit name into database

Question

i can't update my name into database it's giving an error:

Notice: Undefined index: first_name in C:\Users\Raj\PhpstormProjects\new linkvessel\change_name.php on line 178

Notice: Undefined index: last_name in C:\Users\Raj\PhpstormProjects\new linkvessel\change_name.php on line 178

I have created two column for first_name and last_name into database please where i'm doing wrong? help please

here is my code:

<body>

<div id="left_box"><br>
    &nbsp;&nbsp;<img src="Images/general_setting.png" height="18" width="18"><a href="general_settings.php" style="text-decoration: none; color: #000000; font-family: Arial";> General</a><br><br>
    &nbsp;&nbsp;<img src="Images/photo_setting.png" height="18" width="18"><a href="photo_settings.php" style="text-decoration: none; color: #000000; font-family: Arial";> Photos</a><br><br>
</div>

<div class="box">
    <h1 style="font-family: consolas">Change your name</h1><hr>
    <div id="change_name">
        <label><strong>Your current name: </strong></label>
        <?php
        include('change_setting_db.php');

        while($row = mysqli_fetch_array($result))
        {
            echo $row['first_name']." ".$row['last_name'];            
        }
        ?><br><br>

        <form>
        <label><strong>First name: </strong></label>
        <input type="text" name="first_name">
        <label><strong>Last name: </strong></label>
        <input type="text" name="last_name">
        </form>

        <?php
        $con=mysqli_connect("localhost","root","Bhawanku", "members");
        // Check connection
        if (mysqli_connect_errno())
        {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
        }

        $result = mysqli_query($con,"SELECT * FROM admin");

        while($row = mysqli_fetch_array($result))
        {

        }

        mysqli_query($con,"UPDATE admin SET first_name='$_POST[first_name]' AND  last_name='$_POST[last_name]' WHERE id='$row[id]' ");

        mysqli_close($con);
        ?>
    </div>
</div>
</body>

EDITED

full source code: http://pastebin.com/TparWavH

did you add "id" field in database and put it primary key and auto increment ?? — Ron, Apr 10 '14 at 08:27
your code is really horrible ... you are assigning last value to `$row[id]` may i ask why? and are you sure both POST are set ? and i hope you know about scope of function/loop — NullPoiиteя, Apr 10 '14 at 08:27
put your form metod="POST" and inspite of $row[id] try putting a static id and run the code — Ron, Apr 10 '14 at 08:30
its clear that your post variable isnt set just first check that they are not empty and set — NullPoiиteя, Apr 10 '14 at 08:31
check this http://stackoverflow.com/questions/1219542/in-where-shall-i-use-isset-and-empty http://stackoverflow.com/questions/4559925/why-check-both-isset-and-empty http://stackoverflow.com/q/1960509/1723893 i think its useful for you — NullPoiиteя, Apr 10 '14 at 08:34
also using mysqli isnt mean you are safe form sql injection your code is vulnerable to sql injection you need to properly escape all request — NullPoiиteя, Apr 10 '14 at 08:38
Instead of `SET first_name='$_POST[first_name]' AND last_name='$_POST[last_name]'` try to first assign it as a variable near the top of your code, under `include('change_setting_db.php');`. I.e.: `$first_name=$_POST['first_name']; $last_name=$_POST['last_name'];` then do `SET first_name='$first_name' AND last_name='$last_name'` which theoretically should fix the problem. You shouldn't be doing it that way also, you're open to SQL injection. @user3518210 — Funk Forty Niner, Apr 10 '14 at 13:19
To add to my above comment, all you have is `
` which defaults to GET. You need to do `
` @user3518210 You're using POST variables here, not GET. — Funk Forty Niner, Apr 10 '14 at 13:22

score 0 · Answer 1 · answered Apr 10 '14 at 08:42

0

<form method="POST" action="where you want to put the action">
        <label><strong>First name: </strong></label>
        <input type="text" name="first_name">
        <label><strong>Last name: </strong></label>
        <input type="text" name="last_name">
        </form>

===============================================

getting the Id of the user you want to update using a select query and then run this

1)RUN SELECT QUERY

2)CHECK USER EXIST

3)IF USER EXIST FETCH HIS ID AND RUN THE UPDATE QUERY.

$update =mysqli_query($con,"UPDATE admin SET first_name='$_POST[first_name]' AND  last_name='$_POST[last_name]' WHERE id='ID' ");

*ID=the id for which you want to update

answered Apr 10 '14 at 08:42

Ron

394
1
12
24

Am I suppose to write the total code line by line .@ NullPoiиteя If you are asking me to put 'isset' to check first and last name exist or not then it must be done ... – Ron Apr 10 '14 at 08:58
2)could you put the sql injection vulnerability warning here so that I could understand it and give the exact solution and when you check with if(isset(VALUE)). then there should not be any problem .Still If I m missing something please put down the warning here – Ron Apr 10 '14 at 09:02
sure no problem ... check this http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – NullPoiиteя Apr 10 '14 at 09:03
no need to sorry . I have not write the total code above if you need .I could do so as well – Ron Apr 10 '14 at 09:04
http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php In this case 1)pdo is the best solution . 2)Never use common names like "table", "user" etc . Always add some suffix with your table name like jm_user. 3)Check data with isset and never execute direct query. these are the primary solutions – Ron Apr 10 '14 at 09:07

karlbarbour · Answer 2 · 2014-04-10T08:35:39.993

There are a number of issues with your code, but to purely 'get it working' you need to do two things.

First, change your form to that of a POST type.

Next, you MAY want to change the below:

 while($row = mysqli_fetch_array($result))
        {

        }

        mysqli_query($con,"UPDATE admin SET first_name='$_POST[first_name]' AND  last_name='$_POST[last_name]' WHERE id='$row[id]' ");

To:

 while($row = mysqli_fetch_array($result))
        {
            mysqli_query($con,"UPDATE admin SET first_name='$_POST[first_name]' AND  last_name='$_POST[last_name]' WHERE id='$row[id]' ");
        }

Your current code will not loop through the statements and, in reality, only execute once.

I'm not too sure what you're trying to achieve by querying the 'admin' table, though - at present, it will loop through all the results and update the last row with your new first/last name?

@NullPoiиteя apologies, I was editing my post after I had a proper look at the code. The whole thing appears to need a good rewrite, to be fair! — karlbarbour, Apr 10 '14 at 08:36

can't edit name into database

2 Answers2