HTML Form changing echo'ed variables but NOT database?

Question

I have this form:

<div class="col-md-6">
                      <h4>Update Contact Details</h4>
                      <form action="" method="post" name="contact" id="contact">                      
<div class="form-group">
<label>*Address:</label>
<input type="text" class="form-control" id="address_line_1" name="address_line_1" value="<? echo $address_line_1; ?>" placeholder="Address Line 1..." required="required">
<input type="text" class="form-control" id="address_line_2" name="address_line_2" value="<? echo $address_line_2; ?>" placeholder="Address Line 2...">
<label>*Postcode:</label>
<input type="text" class="form-control" id="postcode" name="postcode" value="<? echo $postcode; ?>" placeholder="Postcode" required="required">
</div>
<div class="form-group">
<label>*Phone Number:</label>
<input type="number" class="form-control" id="contact_number" name="contact_number" value="<? echo $contact_number; ?>" placeholder="Phone Number" required="required">
</div>
<div class="form-group">
<input type="hidden" class="form-control" id="userid" name="userid" value="<? echo $userid; ?>">
<button type="submit" id="contact" name="contact" class="btn btn-primary btn-sm">Save Details</button>
</div>
                      </div>

Which runs to this script:

if(isset($_POST['contact'])){
    $address_line_1 = str_replace("'","\\'",$_POST['address_line_1']);
    $address_line_2 = str_replace("'","\\'",$_POST['address_line_2']);
    $postcode = str_replace("'","\\'",$_POST['postcode']);
    $contact_number = $_POST['contact_number'];
    $uid = $_POST['userid'];

    mysqli_query($conn, "UPDATE ap_users SET address_line_1 = '$address_line_1', address_line_2 = '$address_line_2', postcode = '$postcode', $contact_number = '$contact_number' WHERE user_id = '$uid'");
}

Very basic, I know - when I send the form, the variables which are echoed on the page such as echo $address_line_1 all change to the new results, although when I reload the page, they return to the old results. It appears that the MySQL database isn't being updated when I send the form and I'm not too sure why?

add `or die(mysqli_error($conn))` to `mysqli_query()` to see if errors come of it. use `affected_rows()` on update also. — Funk Forty Niner, Nov 29 '15 at 14:06
plus, if your form and sql are in the same file, use a header to redirect to the same page and make sure you're not outputting before header. and make sure short tags are enabled. — Funk Forty Niner, Nov 29 '15 at 14:08
also you are using `if(isset($_POST['contact'])){` and have 2x name attributes for the form and the button. Remove the one from `
`. Name attribute on `
` only works if using jQuery/Ajax. — Funk Forty Niner, Nov 29 '15 at 14:10
I had, an error so rewrote the `mysqli_query` and it seems to work when I reduced it to only updating `address_line_1`, `address_line_2` and `postcode`... Bit odd. The sql is in the same file as the form but maybe that's not the best way to go about it now with these kind of issues ? — Snappysites, Nov 29 '15 at 14:15
@Fred-ii- I have removed the attributes and I've changed the name of the form to `updatecontact` and it seems to be working okay with ALL variables now! Thanks for the help, If you re-post your comments in an answer I'll mark it as correct answer ! — Snappysites, Nov 29 '15 at 14:18
@Snappysites will do. I'll write up a bit more also. Give me a few minutes. *cheers* — Funk Forty Niner, Nov 29 '15 at 14:25

score 0 · Accepted Answer · edited May 23 '17 at 10:27

As requested by the OP.

Add or die(mysqli_error($conn)) to mysqli_query() to see if errors come of it.

It's also best to use affected_rows() on update also.

Also, you are using if(isset($_POST['contact'])){ and have 2x name attributes for the form and the button.

Remove the one from <form>. Name attribute on <form> only works if using jQuery/Ajax.

Plus, if your form and PHP/SQL are in the same file, use a header to redirect to the same page and make sure you're not * outputting before header. and make sure short tags are enabled.

References:

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.

HTML Form changing echo'ed variables but NOT database?

1 Answers1

Linked