query is not execute

Question

i have a search box to find the information of student. All the data display well, and admin can update the status from it but when admin want to update the application the query just does not execute. i dont think that the sql command is wrong. am i missing something? heres the code

public function searchApplicant()
    {
        echo '<table><form method="post">
            <tr><td>
                <input type=search name="studID" placeholder="ID Pelajar...">&nbsp;&nbsp;<button name="searchStud" type="submit">Cari</button>
            </td></tr></form>
            <tr><td>';
            if(isset($_POST['searchStud']))
            {
                if(isset($_POST['studID']))
                {
                    $studID=$_POST['studID'];
                    $query = mysql_query("SELECT * FROM `application` WHERE `studID` = '$studID'");
                    if(!$query)
                        {
                            echo mysql_error();
                        }
                    else
                    {
                        while($row = mysql_fetch_array($query)) 
                        {

                            $appID = $row['appID'];
                            $ic = $row['ic'];
                            $faculty = $row['faculty'];
                            $programme = $row['programme'];
                            $campus = $row['campus'];
                            $statusS = $row['statusS'];
                            $gender = $row['gender'];
                            $part = $row['part'];
                            $session = $row['session'];
                            $cgpa = $row['cgpa'];
                            $gpa = $row['gpa'];
                            $state = $row['state'];
                            $accountNo = $row['accountNo'];
                            $addressStud = $row['addressStud'];
                            $postcodeStud = $row['postcodeStud'];
                            $phoneS = $row['phoneS'];
                            $nameG = $row['nameG'];
                            $job = $row['job'];
                            $relationship = $row['relationship'];
                            $marriageStatus = $row['marriageStatus'];
                            $addressG = $row['addressG'];
                            $postcodeG = $row['postcodeG'];
                            $phoneG = $row['phoneG'];
                            $incomeG = $row['incomeG'];
                            $incomeM = $row['incomeM'];
                            $incomeO = $row['incomeO'];
                            $statusApplication = $row['statusApplication'];

                            echo '<form method="post">
                            <table border="0" cellspacing="2" cellpadding="2" width="705" style=" #fff;-webkit-box-shadow: 0 0 10px #660066; background:#ffffff;padding:0px;color:#848484; margin-top:50px;">
                            <tr>
                            <td><div align="left"><strong>No. Pelajar </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$studID.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>No. K/P </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$ic.'                          </td>
                          </tr>

                          <tr>
                            <td><div align="left"><strong>Fakulti</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$faculty.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Kod Kursus </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$programme.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Kampus</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>UiTM Melaka Kampus Jasin</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Taraf Perkahwinan </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$statusS.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Semester/Bahagian</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$part.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Sesi</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$session.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>CGPA Terkini </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$cgpa.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>GPA Terkini </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$gpa.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Negeri Asal </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$state.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>No. Akaun Bank Islam </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$accountNo.'</td>
                          </tr>
                          <tr>
                            <td>
                              <p align="left"><strong>Alamat Surat Menyurat</strong></p>                              <p align="left"><strong>(</strong><strong>Kolej/Rumah Sewa) </strong></p></td><td><div align="center"><strong>:</strong></div></td>
                            <td>'.$addressStud.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Poskod</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$postcodeStud.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>No. Telefon </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$phoneS.'</td>
                          </tr>
                          <tr>
                            <td width="23%"><div align="left"><strong>Nama Ketua Keluarga </strong></div></td>
                            <td width="7%"><div align="center"><strong>:</strong></div></td>
                            <td width="70%">'.$nameG.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Pekerjaan</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$job.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Hubungan</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$relationship.' </td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Status Perkahwinan </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$marriageStatus.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Alamat Surat Menyurat </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$addressG.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Poskod</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$postcodeG.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>No. Telefon </strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$phoneG.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Pendapatan Bulanan </strong></div></td>
                            <td>&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Bapa/Penjaga</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$incomeG.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Ibu</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$incomeM.'</td>
                          </tr>
                          <tr>
                            <td><div align="left"><strong>Lain-lain</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>'.$incomeO.'</td>
                          </tr>

                          <tr>
                            <td><div align="left"><strong>Status Permohononan</strong></div></td>
                            <td><div align="center"><strong>:</strong></div></td>
                            <td>
                                <select name="statusApplication">
                                    <option disabled="disabled" value="Dalam Proses" '.(($statusApplication=='Dalam Proses')?'selected="selected"':"").'>Dalam Proses</option>
                                    <option value="Tidak Berjaya" '.(($statusApplication=='Tidak Berjaya')?'selected="selected"':"").'>Tidak Berjaya</option>
                                    <option value="Berjaya" '.(($statusApplication=='Berjaya')?'selected="selected"':"").'>Berjaya</option>
                            </td>
                          </tr>
                          <tr>
                            <td>&nbsp;</td>
                            <td>&nbsp;</td>
                            <td><input type="submit" name="updateStatus" value="Kemaskini Status Permohonan"></td>
                          </tr>
                        </table>
                        </form>';

                        if(isset($_POST['updateStatus']))
                        {
                            if(isset($_POST['statusApplication'])){
                                $statusApplication = $_POST['statusApplication'];

                                $sql2 = "UPDATE `application` 
                                SET `statusApplication`='$statusApplication'
                                WHERE `studID` = '$studID'";

                                $query2 = mysql_query($sql2);

                                if(!$query2)
                                    echo mysql_error();
                                else
                                {
                                    echo "<script type='text/javascript'>
                                    alert('Status permohonan telah berjaya dikemaskini.');
                                    window.location.href= 'searchApplicant.php';

                                    </script>";
                                }
                            }
                        }
                    }
    }}}}

If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Jun 15 '15 at 19:29
[Your script is at risk for SQL Injection.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Jun 15 '15 at 19:29
your update code only runs when `searchStud` is set, and that WON'T be set when you're submitting the update form. — Marc B, Jun 15 '15 at 19:32
SQL Injection not my priority for now, need to present this in few more hour :( — ohlala, Jun 15 '15 at 19:32
basically, yes. all of your code is chained together. form submission processing and form display are two totally different things, and should not be nested in each otehr. — Marc B, Jun 15 '15 at 19:38

score 0 · Answer 1 · answered Jun 15 '15 at 19:39

0

Your logic is badly flawed. You basically have:

display form
   show search results
        update database

When it should be more

display form
if (search mode) {
   run search
} else if (update mode) {
   run update
}

answered Jun 15 '15 at 19:39

Marc B

356,200
43
426
500

solved, following ur structure and adding hidden input var – ohlala Jun 15 '15 at 20:02

query is not execute

1 Answers1