-4

I am trying to bring an id from a hidden form on a previous page and use it as a variable as part of an update query.

The path to this point is: Log in to admin area (using a different table)... Search 'businesses' database for entry... Entry displays with an update button; the update button has a hidden ID value that gets posted to this page through "submit".

if(isset($_POST["submit"]) && isset($_POST["submituname"]))
{
    $id = $_POST["id"];
    $name = $_POST["uname"];
}

$query = mysqli_query($db, "UPDATE businesses SET username='$name' WHERE id='$id'");

if($query)
{
    $msguname = "<p>Your username has now been updated.</p>";
}

Thanks

James Parsons
  • if($query) is not a good check; instead check mysqli_affected_rows == 1 – Svetoslav Nov 27 '15 at 18:56
  • It is not clear to me what the problem is. Also you are mixing the quotes, in sql commands the single quote should be used for string parameters not the double quotes. – Jorge Campos Nov 27 '15 at 18:57
  • Problem in single quotes: http://stackoverflow.com/questions/3446216/what-is-the-difference-between-single-quoted-and-double-quoted-strings-in-php – MaxXx1313 Nov 27 '15 at 18:58

2 Answers

0

You need to use isset() on both variables to check them both.

if(isset($_POST['submit']) && isset($_POST["submituname"]))

Your SQL query is currently open to injection attacks; make sure you use PDO or mysqli_real_escape_string().

Tristan
  • Thanks Tristan. Purely testing on a local server at the moment; will be adding mysqli_real_escape_string(). Thanks for the help and heads up though. – James Parsons Nov 27 '15 at 19:00
0

A few mistakes:

  1. All function calls must be inside your IF (so they are triggered only when it's a POST request, etc.).
  2. You must apply isset to both POST params which you are checking.
  3. What will you do if id is not set? In that case I am giving a small easy trick by using filter_input, which returns NULL when the param is not set (another thing is escaping, but I will leave you a small task to learn how to escape vars).
  4. The last thing is your if($query): this is the wrong check for whether you had any success.

Here is a working copy

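// Run the update only when both expected POST fields are present
if(isset($_POST['submit']) && isset($_POST["submituname"])) {
    // filter_input() returns NULL when the field is not set
    $id = filter_input(INPUT_POST, 'id');
    $name = filter_input(INPUT_POST, 'uname');
    // Values are still unescaped here; escaping is the task left in point 3
    $query = mysqli_query($db, "UPDATE businesses SET username='{$name}' WHERE id={$id}");
    // Success means exactly one row was changed
    if(mysqli_affected_rows($db) === 1){
        $msguname = "<p>Your username has now been updated.</p>";
    }
}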
Svetoslav
  • Thanks Svetilo, great explanation. I had no luck unfortunately. I think I may have been a little vague in what I was trying to achieve. It is to update a table from an admin area. The path to this point is: Log in to admin area (using a different table); search 'businesses' database for entry; entry displays with an update button; the update button has a hidden ID value that gets posted to this page. Does that help at all? – James Parsons Nov 27 '15 at 19:16
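
Added example, not part of the original question or answers: the update from this thread written with a prepared statement, integer validation of the hidden id, and an affected-row check, covering the injection point raised in the first answer and the filter/row-count points in the second. It uses PDO against an in-memory SQLite database so it runs without a server; the function name updateBusinessUsername, the 64-character limit and the sample rows are assumptions.

```php
<?php
// Hypothetical helper for illustration; not code from the question or answers.
function updateBusinessUsername(PDO $db, $rawId, $rawName): string
{
    // The hidden form field is client-controlled: accept only a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $name = is_string($rawName) ? trim($rawName) : '';
    // Assumed policy: non-empty username of at most 64 bytes.
    if ($id === false || $name === '' || strlen($name) > 64) {
        return 'invalid input';
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE businesses SET username = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1 ? 'updated' : 'no matching row';
}

// Constructed demo data (assumption: the pdo_sqlite extension is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE businesses (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO businesses (id, username) VALUES (1, 'alpha'), (2, 'beta')");

// Constructed inputs standing in for $_POST['id'] and $_POST['uname'].
$cases = [
    ['1', "O'Brien"],      // a quote in the name is bound as data
    ['2 OR 1=1', 'x'],     // not an integer, so no SQL is run
    ['99', 'nobody'],      // valid integer with no such row
    [null, 'missing-id'],  // field absent from the POST
];
foreach ($cases as [$id, $name]) {
    printf("%-12s => %s\n", var_export($id, true), updateBusinessUsername($db, $id, $name));
}

// Dump the table to confirm which rows changed.
foreach ($db->query('SELECT id, username FROM businesses ORDER BY id') as $row) {
    printf("%d: %s\n", $row['id'], $row['username']);
}
```

On MySQL the affected-row count is 0 when the submitted username equals the stored one, so a 0 there does not by itself prove the id was missing.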