-3

My profile.php is not updating properly. When I click my update button, nothing happens. The table information does not update. Here is my code:

```php
<?php
session_start();
include_once('config.php');

$current_url = base64_encode($url='http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
if(isset($_SESSION['Email'])){
    $email = $_SESSION['Email'];

        if(isset($_POST['update'])){
            $UpdateQuery = "UPDATE customers SET Email='$_POST[email]',    Firstname='$_POST[firstname]', Lastname='$_POST[lastname]', Gender='$_POST[gender]', Titlename='$_POST[titlename]', BirthMonth='$_POST[bm]', BirthDay='$_POST[bd]', BirthYear='$_POST[by]', Company='$_POST[company]', CellphoneNumber='$_POST[cn]', PhoneNumber='$_POST[pn]' Province='$_POST[province]', Barangay='$_POST[barangay]', Address1='$_POST[add1]', Address2='$_POST[add2]' WHERE Email='$_POST[hidden]'";
            mysqli_query($mysqli,$UpdateQuery);
        }
        $query = $mysqli->query("SELECT * FROM customers WHERE Email='$email'");

        if($query){
            while($obj = $query->fetch_object()){
            echo '<form action="profile.php" method="POST">';
                echo 'Email<input type="text" name="email" value="'.$obj->Email.'"><br />';
                echo 'Firstname<input type="text" name="firstname" value="'.$obj->Firstname.'"><br />';
                echo 'Lastname<input type="text" name="lastname" value="'.$obj->Lastname.'"><br />';
                echo 'Gender<input type="text" name="gender" value="'.$obj->Gender.'"><br />';
                echo 'Title name<input type="text" name="titlename" value="'.$obj->Titlename.'"><br />';
                echo 'BirthMonth<input type="text" name="bm" value="'.$obj->BirthMonth.'"><br />';
                echo 'BirthDay<input type="text" name="bd" value="'.$obj->BirthDay.'"><br />';
                echo 'BirthYear<input type="text" name="by" value="'.$obj->BirthYear.'"><br />';
                echo 'Company<input type="text" name="company" value="'.$obj->Company.'"><br />';
                echo 'CellphoneNumber<input type="text" name="cn" value="'.$obj->CellphoneNumber.'"><br />';
                echo 'PhoneNumber<input type="text" name="pn" value="'.$obj->PhoneNumber.'"><br />';
                echo 'Province<input type="text" name="province" value="'.$obj->Province.'"><br />';
                echo 'Barangay<input type="text" name="barangay" value="'.$obj->Barangay.'"><br />';
                echo 'Address1<input type="text" name="add1" value="'.$obj->Address1.'"><br />';
                echo 'Address2<input type="text" name="add2" value="'.$obj->Address2.'"><br />';

                echo '<input type="hidden" name="hidden" value="'.$obj->Email.'">';
                echo '<input type="submit" name="update" value="Update">';
            echo '</form>';
            }
        }
}
else
{
    die('Please log in your account to view this section');
}

?>
```

And also, please help me to put some "Alert message" that will be displayed when you have successfully updated the information. Please give me advice on how to get rid of that error.

halfer
None other
  • 2
    Please don't do this. As it stands, it would be trivially easy for anyone to 1. change data for any profile they wanted to, and 2. steal your data/corrupt it all. I'd strongly recommend reading http://www.phptherightway.com/ as a starter, particularly the security section. And then look at existing php frameworks (Zend, Laravel, Aura, others) that will help you avoid these issues and write cleaner php. – Matt Parker Sep 14 '14 at 22:08
  • 1
    It's worth reading up on SQL injection - this code will get hacked pretty quickly. Use "parameterised queries" to fix it. – halfer Sep 14 '14 at 22:08
  • "When I click my update button, nothing happens" - any errors in your Apache/PHP logs? Unfortunately an error report of "nothing" doesn't give us a lot to go on. Maybe add in some `echo`/`exit` debugging to see where it is going wrong? – halfer Sep 14 '14 at 22:13
  • Haha, funny user error. I just missed one "," on "PhoneNumber='$_POST[pn]'". Anyway sir, do you have any idea how I can prevent SQL injection in my code? :) – None other Sep 14 '14 at 22:20
  • Sure, read this on SQL injection: http://stackoverflow.com/q/60174/472495 (do please note that if you wish to communicate with someone here, it's worth using their handle e.g. @halfer. Type the first few letters, and you have tab completion). – halfer Sep 14 '14 at 22:57
  • 1
    Aha, someone has [answered your question about SQL injection already](http://stackoverflow.com/a/25834721/472495). Please read it, and please don't ask someone else about it _again_, since someone has already helped you on this point. – halfer Sep 14 '14 at 23:01
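
The parameterised-query fix recommended in the comments above, applied to the question's UPDATE, as an added example that is not part of the original thread: every form value is bound as a parameter, and the row is selected by the logged-in session email instead of the hidden form field. The helper name `updateProfile`, the `PROFILE_FIELDS` constant and the all-string column types are assumptions; `$mysqli` is assumed to come from `config.php` as in the question.

```php
<?php
// Added example, not code from the thread. Assumes config.php creates $mysqli
// (as in the question) and that all customers columns hold strings.
session_start();
include_once('config.php');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw instead of failing silently

// Fixed allowlist: column name => form field name, taken from the question's form.
const PROFILE_FIELDS = [
    'Email' => 'email', 'Firstname' => 'firstname', 'Lastname' => 'lastname',
    'Gender' => 'gender', 'Titlename' => 'titlename', 'BirthMonth' => 'bm',
    'BirthDay' => 'bd', 'BirthYear' => 'by', 'Company' => 'company',
    'CellphoneNumber' => 'cn', 'PhoneNumber' => 'pn', 'Province' => 'province',
    'Barangay' => 'barangay', 'Address1' => 'add1', 'Address2' => 'add2',
];

// updateProfile() is a hypothetical helper name.
function updateProfile(mysqli $db, string $sessionEmail, array $post): bool
{
    $assignments = [];
    $values = [];
    foreach (PROFILE_FIELDS as $column => $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false; // reject missing or array-valued fields
        }
        $assignments[] = "$column = ?"; // column names come from the constant only
        $values[] = $post[$field];      // user input is only ever a bound value
    }
    // The row is selected by the logged-in user's session email,
    // never by a hidden form field the browser can change.
    $values[] = $sessionEmail;
    $sql = 'UPDATE customers SET ' . implode(', ', $assignments) . ' WHERE Email = ?';

    $stmt = $db->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    return true;
}

if (!isset($_SESSION['Email'])) {
    die('Please log in to your account to view this section');
}
if (isset($_POST['update']) && updateProfile($mysqli, $_SESSION['Email'], $_POST)) {
    $_SESSION['Email'] = $_POST['email']; // keep the session in step with the new address
    echo '<p>Profile updated.</p>';
}
```

Because the SET clause is assembled with `implode()` and mysqli errors are raised as exceptions, a slip like the missing comma cannot pass silently.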

1 Answer

0

Whenever you are using global variables, always use single quotes in the square brackets, like this:

```php
$_POST['name']
```

What you wrote is this:

```php
$_POST[name]
```

Since you are already using single quotes in your SQL query for the variables, using single quotes for the globals in the same query won't work. Save them in a variable and then insert it in your query like this:

```php
$name = $_POST['name'];
```

Hope it helps

halfer
Uzumaki Naruto
  • Anyway sir, I've received errors in your code. Anyway, as I was looking at the "UpdateQuery", I just missed one comma. Haha. Anyway, thanks for the reply. I will consider this done. – None other Sep 14 '14 at 22:14
  • Sir do you have any idea how to make "Alert message" when I update the information? – None other Sep 14 '14 at 22:15
  • I assume you didn't write the code correctly ... it has been working for me for 2 years!! And yes, you can show an alert message: if you are sending your data via jQuery, then on success of submission you can alert if the data has been updated or not .. – Uzumaki Naruto Sep 14 '14 at 22:19
  • Or, at the end of echoing your HTML in PHP, you can echo your script tag that contains the success message .. your choice ... jQuery is cleaner and good. – Uzumaki Naruto Sep 14 '14 at 22:21
  • Please help me sir @Uzumaki to make jquery "Alert Message" when I updated the information. :) – None other Sep 14 '14 at 22:21
  • Are you using jQuery for your form submissions and actions, or plain old refreshing the page on submission? – Uzumaki Naruto Sep 14 '14 at 22:24
  • Yes sir the plain old refreshing the page submission. I want when I update the form, one alert message will say "Your Have Successfully updated your form" – None other Sep 14 '14 at 22:30
  • if( mysqli_query($mysqli,$UpdateQuery)) { echo ''; } – Uzumaki Naruto Sep 14 '14 at 22:45
  • Oh thanks Sir @Uzumki Naruto. I'll try it. D – None other Sep 17 '14 at 06:45