PHP MySQL Statements not Updating Database

Question

After much editing and checking tutorial sites. Code currently not calling info from Database and when clicking Approve button, does not edit database. I do have a column identifier named Reg_ID which can specify which column of data you choose to edit. The form is submitting, just clears the information that I enter in and doesn't store the data.

This file is named Approve Deny Prayer Request.

<?php
$DB_HOST = "XXXXXXX";
$DB_NAME = "XXXXXXX";
$DB_PASS = "XXXXXXX";
$DB_USER = "XXXXXXX";

$link = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($link->connect_errno > 0) {
die('Connection failed [' . $db->connect_error . ']');
}

$query = "SELECT * FROM Request";
$result = mysqli_query($link,$query); //<----- Added link
$row = mysqli_fetch_array($result);

if(isset($_POST['add'])){

$id = mysqli_real_escape_string($link,$_POST['id']);
$firstname = mysqli_real_escape_string($link,$_POST['first']);
$lastname = mysqli_real_escape_string($link,$_POST['last']);
$phone = mysqli_real_escape_string($link,$_POST['phone']);

$query2=mysqli_query($link,"UPDATE Request SET Reg_F_Name='$firstname',     Reg_L_Name='$lastname',Reg_Request='$phone' WHERE id='$id'" );

if($query2){
header("Location: fbcaltusprayerorg.ipagemysql.com");
}

} // brace if(isset($_POST['add']))

?>

<form action="" method="post">

<table>
<input type="hidden" name="id" value="<? echo "$row[Reg_ID]" ?>">

<tr>
<td>First Name:</td>
<td><input type="text" name="first" value="<? echo "$row[Reg_F_Name]" ?>"></td>
</tr>

<tr>
<td>Last Name:</td>
<td><input type="text" name="last" value="<? echo "$row[Reg_L_Name]" ?>"></td>
</tr>

<tr>
<td>Prayer Request:</td>
<td><input type="text" name="phone" value="<? echo "$row[Reg_Request]" ?>"></td>
</tr>

</table>
<input name="add" type="submit" id="add" value="Approve Prayer Request">

</form>

the query is never actully run. also the input name's dont match the variable names — , Apr 13 '14 at 22:10
$query2 is just a string, you have to call mysqli_query($link, $query2) to actually do something in the database — Michael Butler, Apr 13 '14 at 22:11
Not quite, I keep undergoing changes to the code trying to figure out the solution. — user3521756, Apr 13 '14 at 22:12
@user3521756 For one thing, you're missing an opening `
` tag with the extra goodies in there. — Funk Forty Niner, Apr 13 '14 at 22:21

score 5 · Answer 1 · edited May 23 '17 at 12:25

5

Firstly, your initial code did not contain an opening <form> tag; that has been included below.

The way you're attempting to run your code is leaving you open to SQL injection.

Use prepared statements, or PDO

Now, here's what you need to do.

Create a column named id and set it to AUTO_INCREMENT if needed, but not required; just as long as there is some data related to it and holds a unique name/id.
Create a hidden field called/named id

Then use UPDATE along with SET and a WHERE clause.

Sidenote: This will automatically redirect you to the page's filename you've called it.

In this example, I used header("Location: http://www.example.com/update.php");

Replace the DB credentials with your own.

<?php
$DB_HOST = "xxx";
$DB_NAME = "xxx";
$DB_PASS = "xxx";
$DB_USER = "xxx";

$link = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($link->connect_errno > 0) {
  die('Connection failed [' . $db->connect_error . ']');
}

$query = "SELECT * FROM Request";
$result = mysqli_query($link,$query); //<----- Added link
$row = mysqli_fetch_array($result);

if(isset($_POST['add'])){

$id = mysqli_real_escape_string($link,$_POST['id']);
$firstname = mysqli_real_escape_string($link,$_POST['first']);
$lastname = mysqli_real_escape_string($link,$_POST['last']);
$phone = mysqli_real_escape_string($link,$_POST['phone']);

$query2=mysqli_query($link,"UPDATE Request SET Reg_F_Name='$firstname', Reg_L_Name='$lastname',Reg_Request='$phone' WHERE id='$id'" );

if($query2){
header("Location: http://www.example.com/update.php");
}

} // brace if(isset($_POST['add']))

?>

<form action="" method="post">

<table>
<input type="hidden" name="id" value="<? echo "$row[id]" ?>">

<tr>
<td>First Name:</td>
<td><input type="text" name="first" value="<? echo "$row[Reg_F_Name]" ?>"></td>
</tr>

<tr>
<td>Last Name:</td>
<td><input type="text" name="last" value="<? echo "$row[Reg_L_Name]" ?>"></td>
</tr>

<tr>
<td>Prayer Request</td>
<td><input type="text" name="phone" value="<? echo "$row[Reg_Request]" ?>"></td>
</tr>

</table>
<input name="add" type="submit" id="add" value="Approve Prayer Request">

</form>

edited May 23 '17 at 12:25

Community

1
1

answered Apr 13 '14 at 23:50

Funk Forty Niner

74,450
15
68
141

Fred, I just updated my code on the OP. Please take a look and advise. – user3521756 Apr 15 '14 at 02:07
Why the modifications? I noticed you replaced `"$row[Reg_F_Name]"` with `"$row[1]"` --- Is that row now called `1` etc.? @user3521756 I gave you working code. – Funk Forty Niner Apr 15 '14 at 02:16
Sorry that was a note for me, it has been changed back now. – user3521756 Apr 15 '14 at 02:44
My code worked 100% for me. Has it worked for you? @user3521756 – Funk Forty Niner Apr 15 '14 at 02:47
It does not work for me. It does not update the database from a prior entry nor does it recall information either into the text boxes. Sorry for all the confusion – user3521756 Apr 15 '14 at 02:49
Did you create the `id` column and is there unique data in it? @user3521756 – Funk Forty Niner Apr 15 '14 at 02:50
Yes there is a column named Reg_ID which is numbered 1-(however many numbers there needs to be) which contains specific data for each stored persons name and request. See example below of database. Reg_ID Reg_F_Name Reg_L_Name Reg_Request 1 John Smith Help mowing – user3521756 Apr 15 '14 at 02:59
Was supposed to be setup as a table but the Column headings (4 of them) are across the top and the information would be below it (obviously). – user3521756 Apr 15 '14 at 03:01
My example said to create a column called `id`, yet you created one called `Reg_ID` and still using all references made to `id`, which at this point, is incorrect. What you will need to do now, is to change `value=" echo "$row[id]" ?>"` to `value=" echo "$row[Reg_ID]" ?>"` and `WHERE id='$id'"` to `WHERE Reg_ID='$id'"` and `$id = mysqli_real_escape_string($link,$_POST['id']);` to `$id = mysqli_real_escape_string($link,$_POST['Reg_ID']);` that's the best I can say now. Any other problems you may have, you will need to sort it out and made all values match as per your ID column. @user3521756 – Funk Forty Niner Apr 15 '14 at 03:05
Thanks Fred for all your help. – user3521756 Apr 15 '14 at 04:26

FreddieMac · Answer 2 · 2014-04-13T22:24:50.667

-3

where is the call to update the database with your sql statement?

I have a function that normally I just for update of the database. I also make sure to add column for each table like UpdateDtTm and add that to the end of my update. That way you know you are going to always update something on an update statement. Also make sure to use a key and a unique id to make sure you only update the row you want.

Also, try using this syntax

$query2 = "Update Request set Reg_F_Name = $row[Reg_F_Name], Reg_L_Name = $row['Reg_L_Name],    Reg_Request = $row['Reg_Request'], UpdateDtTM = Now() where <A UNIQUE KEY ROW> = <UNIQUE ID>. 

 $result = db_update ("updating request in some location", $sql,"update");


 function db_update($function_name,$sql,$type) {

    // Get access to PHP global variables
    global $database;
    //if the database value is not pulled from the global array make sure
    //the system has it based on the Session value set on load
    if (! $database) {
        $database = $_SESSION['database'];
    }

    // Now authenticate the user with the database
    $db = db_connect($database);
    // Run SQL Query
mysql_query($sql);
// Mysql won't return a $result for UPDATE, so have to test with mysql_affected_rows
// mysql also won't do an update if the values are the same, so you could
// possibly have an instance where nothing is change and this fails
// got around this by adding an updated column that is increased by 1 everytime
// an update is performed.  this ensures that you always have something updated
if ( mysql_affected_rows()==0 ) {

    // Unable to update
    $error = "db_update error<br>$sql<br>".mysql_errno()." - ".mysql_error();
    database_error($error,$sql);

    // Exit the function after error
    exit;

}

// Do nothing for this guy
// We don't need to return anything
return;

}

edited Apr 13 '14 at 22:24

answered Apr 13 '14 at 22:13

FreddieMac

1
2

Sorry, i'm getting use to this editor... Newbie to stackoverflow, not php – FreddieMac Apr 13 '14 at 22:26
I have to say, at least Freddie is attempting to help. I just started PHP and SQL and am trying to get caught up to speed by using tutorials. I in no way claim to be an expert. That's why I am here. To receive HELP. – user3521756 Apr 13 '14 at 22:32
Plus, OP is using `mysql(eye)` functions. – Funk Forty Niner Apr 13 '14 at 22:32
@user3521756 You need to use INSERT instead of UPDATE, because UPDATE requires to use SET and a WHERE clause. I.e.: `UPDATE table SET column='$value' WHERE column='$something'` I need to know if you want to UPDATE existing data, or INSERT new data. – Funk Forty Niner Apr 13 '14 at 22:33
I want to update the data that is already within the database. I know how to insert into the database. – user3521756 Apr 13 '14 at 22:35
You need to wrap your `$query2` with `if(isset($_POST['add'])){ $query... }` and do `$query2=mysqli_query($link,"UPDATE Request SET Reg_F_Name='$_POST[first]', Reg_L_Name='$_POST[last]',Reg_Request='$_POST[phone]' WHERE Reg_F_Name='Larry'" );` but this method is open to SQL injection (*I know*). That will get you started for now. @user3521756 The `WHERE Reg_F_Name='Larry'` (Larry) is whatever the name is already in the DB. You are also missing `` I.e.: `
`
– Funk Forty Niner Apr 13 '14 at 22:44
Thank you. I will add these in and edit the main post. – user3521756 Apr 13 '14 at 22:47
@user3521756 You're welcome. Also, it would be best if you added/used an extra column called `id` for easier updating. Using a WHERE clause without knowing which column you're updating will be a nightmare. UPDATE requires SET and WHERE. – Funk Forty Niner Apr 13 '14 at 22:50
The judgment that code is terrible is a personal opinion and does not matter. The code I provided works, has worked for years and is running many sites. The ultimate judge of code quality is, does it work... ;-) – FreddieMac Apr 13 '14 at 23:13
getting across town by riding an elephant 'works' does not mean its a good idea. just because something works, does not mean its not poor practice; as recognised by the majority of professionals in the industry. – Apr 14 '14 at 00:51
I like that you're trying, but you're just making an awful mess of things here. `mysql_query` is not something you want to see in an answer about `mysqli` queries. – tadman Apr 15 '14 at 03:02
@FreddieMac The code you provided does definitely not work. It has some big typos in there. – Daedalus Apr 15 '14 at 06:42

PHP MySQL Statements not Updating Database

2 Answers2