-4

I am making a website eCommerce website but I am stuck with this no-so working PHP and MySQL code,

Let's say, $_GET["pid"] is from URL sent from other page with given value of 111 and $_POST["submit"] is a Form's submit button from a same page.

<?php
$connection = mysqli_connect("localhost", "root", "", "users_database");
$row = mysqli_fetch_array(mysqli_query($connection, "SELECT * FROM users_products"));

if(isset($_POST["submit"])){
    $pid = $_GET["pid"];    
    $sql_update = mysqli_query($connection, "UPDATE users_products SET product_name='$_POST[product_name]' WHERE id=$pid");
    header("location: admin_home.php");
}
?>

The code will work if i change "WHERE id=$pid" to exact number such as "WHERE id=100". I believe there is a problem with the value "$pid" and needed to be change to other method?

David Dasie
  • 13
  • 4
  • there isn't enough code here to give you a solid solution. No way to know where `$_GET["pid"]` is coming from, seems like a form you didn't post. – Funk Forty Niner Feb 02 '16 at 03:15
  • @Fred-ii- No clarification yet, looks like OP went for some *coffee*. :-) – Rajdeep Paul Feb 02 '16 at 03:21
  • Assuming that your code is making it to the `mysqli_query` function call, I would move the query string into a variable `$q="UPDATE ..."`, print that variable to your web page, and run the query directly in the database engine, using MySQL Workbench or whatever client you use, to see if it generates any error messages. – Dave F Feb 02 '16 at 16:27

2 Answers2

0

Change the string:

"UPDATE users_products SET product_name='$_POST[product_name]' WHERE id=$pid"

to this

"UPDATE users_products SET product_name='" .$_POST[product_name]. "' WHERE id=" .$pid

The issue is due to you're not passing the value of $pid but the string $pid itself.

Dr. Stitch
  • 908
  • 6
  • 15
0

Use intval() function to get the integer value of the variable, like this:

$pid = intval($_GET["pid"]);

Here's the reference:

Rajdeep Paul
  • 16,887
  • 3
  • 18
  • 37