I have a database with content.

I have a page that displays a table of all records. You can click edit for any record you wish; when you click edit, it redirects you to a new form and populates all the information into some form fields.

When you edit the form values and click submit it is supposed to update the record in the database.

I get a success message when I update, but the record doesn't actually update.

form.php:

    <?php
            $emp_id= ($_GET["id"]);


              $sql =    "SELECT * FROM people
                        WHERE id='$emp_id' LIMIT 1";
              $result = mysql_query($sql);
              $row_people = mysql_fetch_array($result);
             ?>

              <form method="post" action="update.php?id=<?php echo "$emp_id" ?>">
              <input type="hidden" name="id" value="<?php echo "$row_people[id]"; ?>">

                <fieldset>
                    <legend><b>Name</b></legend>
                        First Name:<input type="text" name="first_name" size="20" value="<?php echo "$row_people[first_name]"; ?>">
                        Last Name:<input type="text" name="last_name" size="40" value="<?php echo "$row_people[last_name]"; ?>">
                </fieldset>

update.php:

    <?php
    $host="localhost"; // Host name
    $username="root"; // Mysql username
    $password=""; // Mysql password
    $db_name="ogs"; // Database name
    $tbl_name="people"; // Table name

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    $emp_id= ($_GET["id"]);
    $first_name = $_POST["first_name"];
    $last_name = $_POST["last_name"];

    // update data in mysql database
    $sql="UPDATE $tbl_name SET first_name='$first_name', last_name='$last_name' WHERE id='$emp_id' LIMIT 1";
    $result=mysql_query($sql);

    // if successfully updated.
    if($result){
    echo "Successful";
    echo "<BR>";
    }

    else {
    echo "ERROR";
    }

    ?>

Not sure what I am missing.

If I change the $first_name in my query to actual text, it updates fine.

So I'm assuming something is wrong with my form.php or the $_POST?

Nic326
  • Your method is post; you used get – Nickool Jun 02 '14 at 18:04
  • FYI, you are wide open to [SQL injections](http://stackoverflow.com/q/60174) – John Conde Jun 02 '14 at 18:05
  • You need to read up on [proper SQL escaping](http://bobby-tables.com/php) so you don’t create any more severe [SQL injection bugs](http://bobby-tables.com/) like the one you have here. Also, `mysql_query` should not be used in new applications. It's a deprecated interface that's being removed from future versions of PHP. A modern replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and is a safer way to compose queries. `$_GET` and `$_POST` data **never** goes directly in a query. – tadman Jun 02 '14 at 18:05
  • If my name is Bob O'Doull, what happens to your query? Or maybe my name should be [Bobby Tables](http://bobby-tables.com/) – Machavity Jun 02 '14 at 18:05
  • Aside from the potential SQL injection problems and the fact the `mysql_` functions are being deprecated (you should use `mysqli_` or `PDO`, which also helps with the injection issues), have you checked to see if there are contents in the `$_GET` and `$_POST` arrays? – Jay Blanchard Jun 02 '14 at 18:09
  • Thanks for the concern. I plan on going back and properly guarding against injection. For now this is all on my local machine and is just me trying to get this to work. – Nic326 Jun 02 '14 at 18:10

1 Answer

Change `$row_people[first_name]` to `$row_people['first_name']` in the form.php file, and do the same for the id and last_name fields.

    <?php
    $emp_id= ($_GET["id"]);
    $id = 0; $firstName = ''; $lastName = '';

    $sql = "SELECT * FROM people
            WHERE id='$emp_id' LIMIT 1";
    $result = mysql_query($sql);
    $row_people = mysql_fetch_array($result);

    if(!empty($row_people)) {
        $id = $row_people['id'];
        $firstName = $row_people['first_name'];
        $lastName = $row_people['last_name'];
    }
    ?>

    <form method="post" action="update.php?id=<?php echo "$emp_id" ?>">
        <input type="hidden" name="id" value="<?php echo $id; ?>">
        <fieldset>
            <legend><b>Name</b></legend>
            First Name:<input type="text" name="first_name" size="20" value="<?php echo $firstName; ?>">
            Last Name:<input type="text" name="last_name" size="40" value="<?php echo $lastName; ?>">
        </fieldset>
    </form>

prava
  • I get an error if I do that: Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\xampp\htdocs\OGS\mods\people\employees\edit_form.php on line 50 – Nic326 Jun 02 '14 at 18:12
  • That gets rid of the error, but now I'm back to where I was before. (The new values are not being updated into the database table.) – Nic326 Jun 02 '14 at 18:29
  • check the `$emp_id` value - should you change to `$_POST` instead of `$_GET` in `update.php` file. This value might be empty. – prava Jun 02 '14 at 18:32
  • What value is coming for `$emp_id`? – prava Jun 02 '14 at 18:36
  • Definitely something wrong in my update.php. If I change: `$sql="UPDATE $tbl_name SET first_name='$first_name'` to `$sql="UPDATE $tbl_name SET first_name='Nicholas'` it works fine. – Nic326 Jun 02 '14 at 18:37
  • the value for $emp_id is 21 (as per the url, which is the correct id in the database) – Nic326 Jun 02 '14 at 18:39
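
An added example, not code from the question, the answer or any commenter: the update step rewritten with PDO prepared statements as the comments recommend, reporting success only when a row actually changed (`mysql_query()` returns true for any `UPDATE` that executes, even one that matches no rows). The `updatePerson` helper, the in-memory SQLite stand-in for the MySQL database and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for the MySQL "ogs" database so the script runs without a server; for
// MySQL only the DSN changes, e.g. new PDO('mysql:host=localhost;dbname=ogs', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)');
$pdo->exec("INSERT INTO people VALUES (21, 'Nic', 'Smith')"); // constructed sample row

// Hypothetical helper: updates one person and returns the number of rows changed.
function updatePerson(PDO $pdo, array $input): int
{
    // The id must be a positive integer; anything else is rejected before the query.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $first = trim((string) ($input['first_name'] ?? ''));
    $last  = trim((string) ($input['last_name'] ?? ''));
    if ($id === false || $first === '' || $last === '') {
        throw new InvalidArgumentException('id, first_name and last_name are required');
    }
    // Placeholders keep the values out of the SQL text, so a quote in a name is just data.
    $stmt = $pdo->prepare('UPDATE people SET first_name = :first, last_name = :last WHERE id = :id');
    $stmt->execute([':first' => $first, ':last' => $last, ':id' => $id]);
    // With the MySQL driver rowCount() counts changed rows, so resubmitting
    // identical values also returns 0 unless PDO::MYSQL_ATTR_FOUND_ROWS is set.
    return $stmt->rowCount();
}

// Constructed inputs standing in for $_POST (the hidden "id" field travels in the body).
$samples = [
    ['id' => '21', 'first_name' => 'Bob', 'last_name' => "O'Doull"], // quote in the name
    ['id' => '99', 'first_name' => 'Bob', 'last_name' => 'Nobody'],  // no such row
    ['id' => '',   'first_name' => 'Bob', 'last_name' => 'Empty'],   // id missing
];
foreach ($samples as $post) {
    try {
        $changed = updatePerson($pdo, $post);
        // Success means a row changed, not merely that the statement executed.
        echo $changed === 1 ? "Successful\n" : "No row updated\n";
    } catch (InvalidArgumentException $e) {
        echo 'ERROR: ' . $e->getMessage() . "\n";
    }
}

// Escape on output so stored names cannot break out of the value="..." attribute.
$row = $pdo->query('SELECT first_name, last_name FROM people WHERE id = 21')->fetch(PDO::FETCH_ASSOC);
printf("<input type=\"text\" name=\"last_name\" value=\"%s\">\n",
    htmlspecialchars($row['last_name'], ENT_QUOTES, 'UTF-8'));
```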