-2

The values are not updated in mysql database while using the following code. I wanted to update database hell with the new values entered in textbox. 

    <?php
    $con=mysql_connect("localhost","host","pass");
    mysql_select_db("Host",$con);
    if(isset($_POST['update'])){
    $upd= "UPDATE hell SET name='".$_POST['name']."'
    WHERE rno='".$_POST['rno']."'";
    mysql_query($upd,$con);
    }
    $sql="SELECT * FROM hell";
    $rec=mysql_query($sql,$con);
    ?>
    <html>
    <body>
    <table width="600" border="1" cellspacing="1" cellpadding="1">
    <tr>
    <th>Name</th>
    <th>Roll No.</th>
    </tr>
    <?php
    while($arr=mysql_fetch_assoc($rec))
    {
    echo "<form action=untitled2.php method=post>";
    echo "<tr>";
    echo "<td>"."<input type=text name='name' value='".$arr['name']."'>"."
    </td>";
    echo "<td>".$arr['rno']."</td>";
    echo "<input type=hidden name='rno' id='rno' value='".$arr['rno']."'>";
    echo "<td>"."<input type=submit value='update'>"."</td>";
    echo "</tr>";
    echo "</form>";
    }
    ?>
    </table>
    </body>
    </html>
Henodi
  • 75
  • 1
  • 1
  • 10

1 Answers1

0

So many errors in your code :

1) Dont use mysql_*. It is deprecated and removed from PHP 7. Use mysqli_* or PDO.

2) Mysql connection should be used like this : 

$con = mysql_connect("localhost","host","pass");
mysql_select_db("Host",$con);

3) Your update query is wrong and it's execution. Try this : 

$upd= "UPDATE hell SET name='".$_POST['name']."' WHERE rno='".$_POST['rno']."'";
mysql_query($upd,$con);

4) Select query execution should be like this : 

$sql="SELECT * FROM hell";
$rec=mysql_query($sql,$con);

5) You can not use form inside table. It's invalid html format.

6) Read this : How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
Mr. Engineer
  • 3,522
  • 4
  • 17
  • 34