MySQL UPDATE function is not working

Question

I'm a new in PHP coding and this is one assignment that I have to do.

I have included DB Connect already in the file but these are codes I use in this assignment which is able to edit the job advertisement data.

This is advertisement table file.

$result = mysql_query("SELECT * FROM advertisement");
<TABLE border ='1'>
<table style="width:100%">
<tr>

<th>Advertisement ID</th>
<th>Position</th>
<th>Start Date</th>
<th>End Date</th>
<th></th>
<th></th>

</tr>

<?php
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){

echo "<TR>";

echo "<TD>".$row['Ad_ID']."</TD>";
echo "<TD>".$row['Position_Name']."</TD>";
echo "<TD>".$row['Start_date']."</TD>";
echo "<TD>".$row['End_date']."</TD>";
echo "<TD><a href='edit-advertisement.php?ad_id=".$row['Ad_ID']."'>Edit</a></TD>";
echo "<TD><a href='delete-advertisement.php?ad_id=".$row['Ad_ID']."'>Delete</a></TD>";

echo "</TR>";
}

?>

And this is edit-advertisement.php file.

$result = mysql_query("SELECT * FROM advertisement WHERE Ad_ID='".$_REQUEST['ad_id']."'");
$row = mysql_fetch_array($result, MYSQL_ASSOC);
<form name = 'edit-advertise-form' method = 'POST' action = 'confirm-edit-adv.php'>
<br >
<input type='hidden' name='ad_id' value='<?=$row['Ad_ID']?>'>
Advertisement ID :  <?=$row['Ad_ID']?><br><br />
Position to be recruited : <input type = "Textbox" Name = "Pos_Name" value = '<?=$row['Position_Name']?>'><br><br>
Job Description: <br ><br />  <textarea name="Job_Des" rows="5" cols="40" value = '<?=$row['Ad_Job_Description']?>'> </textarea><br><br>
Job Qualification: <br ><br /> <textarea name="Job_Quali" rows="5" cols="40" value = '<?=$row['Ad_Job_Qualification']?>'> </textarea><br><br>
Skill required: <br ><br /> <textarea name="Skill_Req" rows="5" cols="40"value = '<?=$row['Ad_Skill_Required']?>'> </textarea><br><br>
Salary offer: <input type = "Textbox" Name = "Salary" value = '<?=$row['Position_Salary_Detail']?>'><br><br>

Start date :
<SELECT name='s_day'>
<?php
$i = 1 ;
while($i<=31) {
?>
<OPTION value = '<?php echo $i;?>' >    <?php echo $i;?>    </OPTION>
<?php $i++; }
?>
</SELECT>

<SELECT name='s_month' >
<?php
$month = array( 1=> JANUARY,FEBRUARY,MARCH,APRIL,MAY,JUNE,JULY,AUGUST,SEPTEMBER,OCTOBER,NOVEMBER,DECEMBER);
$i = 1;
foreach ($month as $m){
?>  
<OPTION value = '<?php echo $i;?>' > <?php echo $m;?> </OPTION>
<?php
$i++;}  
?>
</SELECT>

<SELECT name = 's_year'>
<?php 
$curYear = getdate();
for($year = 2016 ; $year <= $curYear['year']; $year++){
?>
<OPTION value = '<?php echo $year;?>'> <?php echo $year;?> </OPTION> 
<?php
}   
?>
</SELECT>

End date -> Same as Start date

<input type = 'Submit' name = 'edit-adv' value = 'Update'><br><br>
<button onclick="goBack()">Back</button>

</form>

And finally the update function page

        $ad_id = $_POST["ad_id"];
        $pos_name = $_POST["Pos_Name"];
        $job_des = $_POST["Job_Des"];
        $job_qua = $_POST["Job_Quali"];
        $skill_req = $_POST["Skill_Req"];
        $salary = $_POST["Salary"];
        $s_date = $_POST["s_year"].'/'.$_POST["s_month"].'/'.$_POST["s_day"];
        $e_date = $_POST["e_year"].'/'.$_POST["e_month"].'/'.$_POST["e_day"];


        $sql = ("UPDATE advertisement SET Position_Name = '".$pos_name."',
        Ad_Job_Description = '".$job_des."', Ad_Job_Qualification = 
        '".$job_qua."', Ad_Skill_Required = '".$skill_req."', 
        Position_Salary_Detail = '".$salary."', Start_date = '".$s_date."', 
        End_date = '".$e_date."' WHERE Ad_ID = '".$ad_id."'");

Which I have no idea what is wrong in $sql line or what.

I tried to echo $sql and nothing is there so it means that no value in $sql right?

How to solve this problem? Thank you in advance !!! Ps. sorry for a long code post

Well, from what you posted looks like you're not _executing_ the query — Damien Pirsy, Mar 21 '16 at 08:40
If you're new to PHP coding, note that the database API you're using (`mysql_*`) is deprecated and removed in newer PHP versions. You should really not get started by learning an obsolete API but instead use for example `mysqli_*` or `PDO`. — Joachim Isaksson, Mar 21 '16 at 08:41
I guess you forgot something? It should be like this `$sql = mysql_query("UPDATE ...");`, in your update function page. — rhavendc, Mar 21 '16 at 08:44
All the usual problems we see here every day: 1) Deprecated API already removed from PHP 2) SQL Injection 3) Lack of error checking 4) PHP error reporting probably disabled. — Álvaro González, Mar 21 '16 at 08:46
The `mysql_query` command is not wrapped in `` tags meaning it's not treated as PHP code. Not sure if the tags were removed to simplify code or if they are really missing. — apokryfos, Mar 21 '16 at 08:50

score 0 · Accepted Answer · answered Mar 21 '16 at 08:48

0

in new version Connection

$con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWD);
if (!$con) {
  die('Could not connect: ' . mysql_error());
}

mysqli_select_db($con, DB_NAME) or die('Could not select database.' . mysql_error());

and then like this update your db table

$qr = mysqli_query($con, "UPDATE advertisement SET Position_Name= '$pos_name',Ad_Job_Description= '$job_des' WHERE Ad_ID= '$ad_id' ");

answered Mar 21 '16 at 08:48

Himanshu Bhuyan

306
2
8
20

Sadly, injecting totally unvalidated `$_POST` variables directly in the SQL string makes this no more secure than staying on `mysql_*`. Please use parameters. – Joachim Isaksson Mar 21 '16 at 09:00
Thank you ! It works now – gznero Mar 21 '16 at 11:15

MySQL UPDATE function is not working

1 Answers1