Update MySQL entries via PHP/Html & sql

Question

Im trying to create a form where based on someones first and surname, their email can be changed.

So the html looks like this:

<form action="sUpdateResponse.php" method="post">
<input type="text" placeholder="Enter Email..." name="sUpdateEmail">
Where the name is 
<input type="text" placeholder="Enter Forename..." name="sUpdateFN">
<input type="text" placeholder="Enter Surname..." name="sUpdateSN">
    <input type="submit" value="Update Records" name="sRetrieveUpdate"></form>

This takes a new email to update the data entry where the forename and surname exist.

The php on sUpdateResponse looks like this,

if($_POST['sRetrieveUpdate']) 
    $queryRetrieve = mysql_query( "UPDATE staffData SET sEmail='".$_POST['sUpdateEmail']."' WHERE sFN='".$_POST['sUpdateFN']."' 
    AND sFN='".$_POST['sUpdateSN']."'" );

This doesn't return an error but doesn't seem to alter the email either...

Where am i going wrong?

[Please, don't use `mysql_*` functions in new code](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). **You are also wide open to [SQL injections](http://stackoverflow.com/q/60174)** — John Conde, Feb 16 '15 at 14:13
Also, did you check if values for sUpdateEmail etc are set? 'isset' for instance. Make an 'else' statement for sRetrieveUpdate also, does it exists 100% and is not null or empty string? — trainoasis, Feb 16 '15 at 14:16
your code is nice but not longer supported now. Unfortunately. Otherwise, your page will be full of fake scripts. — Joe Kdw, Feb 16 '15 at 14:16

score 1 · Answer 1 · answered Feb 16 '15 at 14:27

1

<?php
if(isset($_POST['sRetrieveUpdate'])){
      if(isset($_POST['sUpdateEmail']) && isset($_POST['sUpdateFN']) && isset($_POST['sUpdateSN'])){
            $query = "UPDATE staffData SET sEmail = '.$_POST['sUpdateEmail'].' WHERE sFirstName = '.$_POST['sUpdateFN'].' AND sSurName = '.$_POST['sUpdateSN']";
            $Result = mysqli_query($query);
      }else{
            // Error Message
      }
}else{
      // Error Message
}
?>

answered Feb 16 '15 at 14:27

Hardik Bharadava

472
1
9
22

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in || $query line – ili Feb 16 '15 at 15:07
I was forgot to put `"` surrounding to `$_POST['sUpdateEmail']` Just put `"` surrounding it. Like, `".$_POST['sUpdateEmail']."` with all three Posting Value. – Hardik Bharadava Feb 17 '15 at 08:14
Warning: mysqli_query() expects at least 2 parameters, 1 given – ili Feb 18 '15 at 20:50
@ili, Are you using OO Style or Procedural Style? You may refer [here](http://php.net/manual/en/mysqli.query.php) to get Solution of this, both the options are here. you may easily solve it. :) – Hardik Bharadava Mar 02 '15 at 06:04

Developer · Answer 2 · 2015-02-16T16:46:24.133

Your Second column is same in where condition sFn repeated. WHERE sFN='".$_POST['sUpdateFN']."' AND sFN='".$_POST['sUpdateSN']."'")

It cheks two values in same column . There is your column name mistake in the query.make it correct then it will work fine :)

It should be Something like this if($_POST['sRetrieveUpdate']) $queryRetrieve = mysql_query( "UPDATE staffData SET Email='".$_POST['sUpdateEmail']."' WHERE sFN='".$_POST['sUpdateFN']."' AND sSN='".$_POST['sUpdateSN']."'" );

score 0 · Answer 3 · answered Feb 16 '15 at 14:26

0

"UPDATE staffData SET sEmail='".$_POST['sUpdateEmail']."' WHERE sFN='".$_POST['sUpdateFN'].$_POST['sUpdateSN']."'"

answered Feb 16 '15 at 14:26

Tanmoy Roy

1

Update MySQL entries via PHP/Html & sql

3 Answers3