Php mysql update wont update

Question

I know mysql is oudated like yahoo. but, I was asked to fix on a friends website. so first of all, heres the code:

<?php
$name = $_POST['name'];
$kcid = $_POST['kcid'];

$host="localhost"; // Host name 
$username="username"; // Mysql username 
$password="password"; // Mysql password 
$db_name="dbname"; // Database name 
$tbl_name="tablename"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// update data in mysql database 
$sql="UPDATE $tbl_name SET lastname='$name' WHERE KcID='$kcid'";
$result=mysql_query($sql);

// if successfully updated. 
if($result){
echo "Successful";
echo "<BR>";
}

else {
echo "ERROR";
}

?>

When i try to run it, it says sucessful but it doesnt edit anything at all talbe:

KcID | Kc | Lastname

I hope somone has a solution.

please correct my code if you see something that causes it not to work

Your code is vulnerable to mysql injections. Read here http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1, you also should really debug. What went wrong? — Fabio, Apr 12 '14 at 17:14
please post your answers if you think you have the solution :) — Php Gecko, Apr 12 '14 at 17:15
Check the value of $kcid and manually check that there is a record there ("SELECT * from table_name_goes_here where KCid = value_of_kcid_goes_here"). — D Mac, Apr 12 '14 at 17:17
Check casing for your column names and make sure both $_POST variables are filled properly. — Manuel Arwed Schmidt, Apr 12 '14 at 17:17

score 0 · Answer 1 · answered Apr 12 '14 at 17:20

0

try to type like this:

$sql="UPDATE {$tbl_name} SET lastname='{$name}' WHERE KcID='{$kcid}'";

without the brackets, it cant understand that '$name' is a php variable.

answered Apr 12 '14 at 17:20

Yair.R

795
4
11

this will cause an ERROR – Php Gecko Apr 12 '14 at 17:21
so try this: $sql="UPDATE ".$tbl_name." SET lastname='".$name."' WHERE KcID='".$kcid."'"; – Yair.R Apr 12 '14 at 17:25

score 0 · Answer 2 · answered Apr 12 '14 at 17:22

Some updates I can suggest to make your code a lot better and safer:

<?php
    $name = $_POST['name'];
    $kcid = $_POST['kcid'];

    $host="localhost"; // Host name 
    $username="username"; // Mysql username 
    $password="password"; // Mysql password 
    $db_name="dbname"; // Database name 
    $tbl_name="tablename"; // Table name 

    // Connect to server and select database.
    $connection = mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db($db_name, $connection)or die("cannot select DB");

    // update data in mysql database 
    $sql=sprintf("UPDATE %s SET lastname='%s' WHERE KcID='%s'", $tbl_name, mysql_real_escape_string($name), mysql_real_escape_string($kcid));
    mysql_query($sql, $connection);

?>

I am not sure, but I think the problem lies with your assigning the query in a result rather than actually querying. Try this solution and let me know if this workds.

score 0 · Answer 3 · answered Apr 12 '14 at 17:25

Try This Here Code contains Mysqli Query rather than MySQL which is the improved extension of MYSQL

    <?php
$name = $_POST['name'];
$kcid = $_POST['kcid'];

$host="localhost"; // Host name 
$username="username"; // Mysql username 
$password="password"; // Mysql password 
$db_name="dbname"; // Database name 
$tbl_name="tablename"; // Table name 

// Connect to server and select database.
$con = mysqli_connect("$host", "$username", "$password","$db_name")or die("cannot connect"); 


// update data in mysql database 
$sql="UPDATE $tbl_name SET lastname='$name' WHERE KcID='$kcid'";
$result=mysqli_query($con,$sql);

// if successfully updated. 
if($result){
echo "Successful";
echo "<BR>";
}
else {
echo "ERROR";
}

?>

Php mysql update wont update

3 Answers3