
Hi, I need to update a query by comparing id and email, but if I give id in the where condition it is not working. Here is my code.

index.php

```php
<td style="width:21%;"><a class="button add" href="editsalaries.php?id=<?php echo $row['user_id'];?>">Edit Salary Details</a></td>
```

editsalaries.php

```php
<form method="post" action="updatesalaries.php" id="myform">
<input type='hidden' value="<?php echo $username; ?>" name='email'>
<?php include "editsalary.php";?>
<table style="border-collapse: collapse;border: 1px solid black;width:44%;">
<label>Company Name</label>
<input type="text" name="company_name" value="<?php echo $row['company_name'];?>" />
<label>Name</label>
<input type="text" name="user_name" value="<?php echo $row['user_name'];?>" />
<button type="submit" class="medium" style="background-color: #2daebf;">Save</button>
```

updatesalaries.php

```php
$id=$_GET['id'];
$email=$_POST['email'];
$companyname=$_POST['company_name'];
$name=$_POST['user_name'];
$query=mysql_query("UPDATE user_salary_details SET
       company_name='$companyname',user_name='$name' WHERE email='$email' AND user_id='$id'
");
```

editsalary.php

```php
$id=$_GET['id'];
$res = "SELECT *
FROM user_salary_details
WHERE email ='$username'
AND user_id='$id'";
$result=mysql_query($res);
$row = mysql_fetch_array($result);
```
user5891511
  • Show us what you tried with the id in the where condition – Epodax Feb 09 '16 at 12:41
  • If I add user_id in the where condition the data is not updating; if I remove that id from the where condition it is working – user5891511 Feb 09 '16 at 12:44
  • Which where condition "is not working"? – Shadow Feb 09 '16 at 12:45
  • You are not submitting the ID with the form, also you need to fetch the ID with POST and not GET once you've added the ID to the form – Epodax Feb 09 '16 at 12:45
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Feb 09 '16 at 12:46
  • @Shadow In updatesalaries it is not working; I need to check both conditions there – user5891511 Feb 09 '16 at 12:46
  • While clicking on the edit button I am getting that id and comparing that id in editsalary.php and getting the details, but while updating I am able to update – user5891511 Feb 09 '16 at 12:49
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Feb 09 '16 at 12:49
  • You're not setting the id in any way, shape or form. – Jay Blanchard Feb 09 '16 at 12:50
  • That's because the ID is not submitted through the form; the edit link contains `?id=`, but when you submit a form the form needs to contain the ID in an input field (most likely of the type hidden). – Epodax Feb 09 '16 at 12:52
  • @Epodax Can you please edit the code – user5891511 Feb 09 '16 at 12:53
  • No, I am not gonna write the code for you, this is basic php / html that you need to understand, I strongly suggest you find some tutorials. – Epodax Feb 09 '16 at 12:53
  • Depends on where `$row['user_id']` and `$username` are populated from and possibly others. Check for errors via PHP/MySQL. We also don't know which MySQL API you're using to connect with. – Funk Forty Niner Feb 09 '16 at 12:54
  • @Epodax Solved, thank you for the help – user5891511 Feb 09 '16 at 12:57

1 Answer


The form in the first code section does not have any control named id, which means that $_GET['id'] will not be populated in updatesalaries.php. Place the user id into a session variable or into a hidden control.

Shadow
  • Can you please update that one, as I am not getting what you are saying – user5891511 Feb 09 '16 at 12:52
  • The form in the editsalaries.php still does not have a control with the name `'id'`. The link whose code you provided displays the edit form only; the id is not preserved in the subsequent call to the updatesalaries.php. – Shadow Feb 09 '16 at 13:00
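
The fix described in the answer and comments above (carry the id in a hidden control, read it from `$_POST`, use a prepared statement), as an added example that is not part of the original thread. It assumes PDO with the pdo_sqlite driver as an in-memory stand-in for the MySQL table; `update_salary()` and the sample rows are hypothetical, and the e-mail is taken from the session instead of a hidden field because hidden fields are client-editable.

```php
<?php
// Added example, not the asker's code. Assumptions: PDO with pdo_sqlite
// (in-memory stand-in for the MySQL table) and a hypothetical
// update_salary() helper. Sample rows and request values are constructed.
declare(strict_types=1);
function update_salary(PDO $db, string $sessionEmail, array $post): int
{
    // The id arrives in the POST body from a hidden field, so read $_POST, not $_GET.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('missing or non-numeric id');
    }
    // Placeholders keep request data out of the SQL text.
    $stmt = $db->prepare(
        'UPDATE user_salary_details
            SET company_name = :company, user_name = :name
          WHERE email = :email AND user_id = :id'
    );
    $stmt->execute([
        ':company' => (string)($post['company_name'] ?? ''),
        ':name'    => (string)($post['user_name'] ?? ''),
        ':email'   => $sessionEmail, // server-side session value, not a form field
        ':id'      => $id,
    ]);
    // Rows affected; MySQL also reports 0 when the new values equal the old ones.
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_salary_details (
    user_id INTEGER, email TEXT, company_name TEXT, user_name TEXT)');
$db->exec("INSERT INTO user_salary_details VALUES
    (7, 'a@example.com', 'OldCo', 'Ann'), (8, 'b@example.com', 'OtherCo', 'Bob')");

$sessionEmail = 'a@example.com'; // stands in for $_SESSION['email']
// Form that carries <input type="hidden" name="id" value="7">.
$ok = ['id' => '7', 'company_name' => "O'Brien Ltd", 'user_name' => 'Ann'];
echo update_salary($db, $sessionEmail, $ok), "\n";

// The asker's form: no id field, so the handler has nothing to match on.
try {
    update_salary($db, $sessionEmail, ['company_name' => 'X', 'user_name' => 'Y']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
// An id that belongs to another account matches no row for this session's e-mail.
echo update_salary($db, $sessionEmail, ['id' => '8', 'company_name' => 'X', 'user_name' => 'Y']), "\n";
```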