Update on a mysql row not working

Question

I'm trying to update a column value in a mysql table, but nothing is happening at all.

It's neither showing the update message nor the error message.

html form:

<html>
    <form action='xyz.php' method='post'>
        <input type='text' size='25' id='country' name='country'>
        <input type='submit' id='submit' value='update'>
    </form>
</html>

php code:

<?php

session_start();

$con=mysqli_connect("localhost","root","","server2go");

if(mysqli_connect_errno())

echo "<h2>Failed to connect to MySQL database!".mysqli_connect_errno();

if(isset($_POST['submit'])){


    $country=$_POST['country'];

    $userid=987654326;

    $sql2=mysqli_query($con, "UPDATE user_profile set country='$country' WHERE userid='$userid'");
    if(!$sql2){
        die(mysqli_error($con));
        echo "<h6>Failed to update</h6>";
    }
    else {
        echo "<h5>Successfully updated!</h5>";
   }
}

?>

what have i done wrong here?

plz help.

score 4 · Answer 1 · edited May 23 '17 at 11:57

4

The reason why your code is not executing, is that you've set a conditional statement

if(isset($_POST['submit'])){...}

but did not name your submit button:

<input type='submit' id='submit' value='update'>

rename to:

<input type='submit' id='submit' value='update' name='submit'>

You cannot rely on id alone when it comes to POST variables.

Footnotes:

Your present code is open to SQL injection.
Use prepared statements, or PDO with prepared statements.

To help protect yourself from an SQL injection attack while using what you have now till you hopefully move over to prepared statements, use:

$userid = (int)987654326; // assuming it's an integer

$country = stripslashes($_POST['country']);
$country = mysqli_real_escape_string($con,$_POST['country']);

edited May 23 '17 at 11:57

Community

1
1

answered Oct 30 '14 at 07:23

Funk Forty Niner

74,450
15
68
141

just throwing something into the discussion: It's not the submit button the script is concerned about but the data in the `country` field; therefore I usually check for the payload fields not some superfluous button related field ;-) – VolkerK Oct 30 '14 at 08:00
@VolkerK You have a point there. OP though, states *"It's neither showing the update message nor the error message."* - Even with error reporting set/on, will fail silently because of the unnamed submit button, and therefore won't get to show an SQL error, should the column in the table not exist to start with, or any other SQL-related error, should any exist. OP would need to show DB schema in order to be 100% certain. – Funk Forty Niner Oct 30 '14 at 08:02

score 0 · Answer 2 · answered Oct 30 '14 at 07:23

Please change

<input type='submit' id='submit' value='update'>

To:

<input type='submit' id='submit' value='update' name='submit'/>

Because, no name attribute is set and control is not going to this condition.

if(isset($_POST['submit'])){

Hope it works for you.

arif_suhail_123 · Answer 3 · 2014-10-30T07:39:22.150

0

change your submit input in the form

from this

<input type='submit' id='submit' value='update'>

to this

<input type='submit' id='submit' name='submit' value='update'>

mysqli does not automatically secure your query. bind your value. always leave the error reporting at the time of production by using this line at the top

error_reporting(E_ALL);

edited Oct 30 '14 at 07:39

answered Oct 30 '14 at 07:23

arif_suhail_123

2,509
2
12
16

Update on a mysql row not working

3 Answers3