PHP Update tables

Question

$query = "UPDATE  $abc_tbl ".
    "SET nationality={$_SESSION['Nationality']},".
    "gender={$_SESSION['gender']} ,".
    "dob={$_SESSION['DoB']},".
    "contact={$_SESSION['contact']},".
    "address='{$_SESSION['address']},".
    "level={$_SESSION['Level']},".
    "course={$_SESSION['Course']},".
    "mode_study={$_SESSION['ModeStudy']},".
    "semester={$_SESSION['Semester']},".
    "degree={$_SESSION['Degree']},".
    "major={$_SESSION['Major']},".
    "gpa={$_SESSION['GPA']},".
    "inst={$_SESSION['Institution']},".
    "docs=$target_file)".
    "WHERE (uname=$uname)";

$result=mysql_query($query) or die ("this stuffedup"); 

if ($result) {
    $_SESSION['success'] = "Done";
    header("location: Application_Success.php"); // Redirecting to success page 
}

I tried several syntaxes but still the query is not working

Please kindly I don't know why the information is not stored in my table

Thank you

Stack Snippets are exclusively for HTML/CSS/JS questions. PHP is not valid in them. — Niet the Dark Absol, Nov 16 '14 at 15:37
Do not use mysql_query; it is deprecated and susceptible to SQL injection attacks ... — sockfd2, Nov 16 '14 at 15:38

score 0 · Answer 1 · edited May 23 '17 at 12:23

0

You need to wrap text value within quote. eg.

 $query = "UPDATE  $abc_tbl ".
          "SET nationality='{$_SESSION['Nationality']}',".
           "gender='{$_SESSION['gender']}',".

 .....
 .....

But you should use some better options like mysqli or PDO as recommend by @Niet the Dark Absol

Use prepared statements and parameterized queries service like mysqli/PDO etc will help you secure your DB from vulnerability like SQL Injection and so on.

edited May 23 '17 at 12:23

Community

1
1

answered Nov 16 '14 at 15:37

thecodeparadox

86,271
21
138
164

It'd probably be better to recommend prepared statements such as PDO. – Niet the Dark Absol Nov 16 '14 at 15:37
@NiettheDarkAbsol Yes, I am 200% same with you. I just gave answer as per OP's context. Thanks, Sir. – thecodeparadox Nov 16 '14 at 15:39
1

I would say that you would answer it better by saying "don't do that, do this instead because X, Y, Z". You'd be doing this user, and the internet in general, a much better service. SQL Injection must `die()`. – Niet the Dark Absol Nov 16 '14 at 15:40

Fas M · Answer 2 · 2014-11-16T16:16:26.220

Just initialize your session variables into normal php variable then pass them into sql query.

$gender=$_SESSION['gender'];
$DoB=$_SESSION['DoB'];
$Nationality=$_SESSION['Nationality'];
query = "UPDATE  $abc_tbl ".
        "SET nationality=' $Nationality',".
           "gender= '$gender' ,".
           "dob=$DoB,".
           " .......
           ".
           "docs='$target_file' ".
           "WHERE (uname='$uname')"; 

// ....... means finish up your query in a given order

this should work

PHP Update tables

2 Answers2